<?php
// shows profiles - own, friend's, non-friend's

// Rules:
// 1. If showing one's profile, allow input of a new status message.
// 2. If showing a friend's profile, show status messages of that friend, in reverse chronological order
// 3. If showing a non-friend's profile, show current status message

// Note: This script does not check if the user exists.

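include('config.php');

// Renders the profile page for the logged-in user, a friend, or a non-friend.
//
// Input:  $_GET['id']          - optional numeric id of the profile to show (request-controlled)
//         $_SESSION['userid']  - id of the logged-in user
// Output: HTML echoed directly to the response.
//
// NOTE(review): the mysql_* extension used below was removed in PHP 7. The connection is
// opened in config.php (not shown here), so this script cannot switch to prepared statements
// on its own. Until it is ported to mysqli/PDO, every value concatenated into SQL is forced
// to an integer first, and every value echoed into HTML is cast or escaped.

if(!isset($_SESSION['username'])) // if not set, then we are not logged in
{
	echo '<a href="login.php">Please log in.</a>';
}
else // user is logged in
{
	// links
	echo '<a href="logout.php">Logout</a><br/><br/>';

	// the session value is set server-side, but it still ends up inside SQL strings,
	// so pin it to an integer as well
	$my_id = (int) $_SESSION['userid'];

	// this is accessed as profile.php?id=xx where xx gets replaced by the id of the user
	// if it is accessed as profile.php (without the id parameter), then we want to show our own profile
	$raw_id = isset($_GET['id']) ? $_GET['id'] : '';

	// the id comes straight from the query string: accept only a plain run of digits
	// (this also rejects id[]=... arrays) so it can never carry SQL or HTML
	if($raw_id !== '' && !(is_string($raw_id) && preg_match('/^[0-9]+$/D', $raw_id)))
	{
		echo 'Invalid profile id.';
	}
	else
	{
		$profile_id = ($raw_id === '') ? $my_id : (int) $raw_id;

		// if the id parameter is equal to the logged in user's id, we also show our own profile
		if($profile_id == $my_id)
		{
			$viewing = 'own';
		}
		else if(are_friends($profile_id, $my_id))
		{
			$viewing = 'friend';
		}
		else
		{
			$viewing = 'nonfriend';
		}

		// NOTE(review): the confirm/deny/cancel/add links below appear to trigger state changes
		// through plain GET requests. If the target scripts do not verify a per-session token,
		// they are open to cross-site request forgery - confirm in those scripts.

		if($viewing == 'own')
		{
			echo 'You are viewing your own profile.<br/><br/>';

			// show people you have requested to be friends
			echo '<b>People you want to befriend</b>:<br/>';
			$result = mysql_query("select requestee from friendreqs where requester=".$my_id);
			while($result && ($row = mysql_fetch_array($result)))
			{
				$other = (int) $row['requestee'];
				echo '<a href="profile.php?id='.$other.'">User #'.$other.'</a> ';
				echo '<a href="cancel-friendship.php?id='.$other.'">Cancel</a><br/>';
			}

			// show people who have requested you to be a friend
			echo '<b>People who want to befriend you</b>:<br/>';
			$result = mysql_query("select requester from friendreqs where requestee=".$my_id);
			while($result && ($row = mysql_fetch_array($result)))
			{
				// this query selects only `requester`; the label previously read the
				// unselected `requestee` column and printed an empty user number
				$other = (int) $row['requester'];
				echo '<a href="profile.php?id='.$other.'">User #'.$other.'</a> ';
				echo '<a href="confirm-friendship.php?id='.$other.'">Confirm</a> ';
				echo '<a href="deny-friendship.php?id='.$other.'">Deny</a><br/>';
			}
		}
		else
		{
			// get the username of this user (only the column that is displayed is fetched)
			$result = mysql_query("select username from users where id=".$profile_id);
			$row = $result ? mysql_fetch_array($result) : false;
			$username = $row ? $row['username'] : '';

			// usernames are user-chosen text: escape before placing them in HTML
			echo 'You are viewing ' . htmlspecialchars($username, ENT_QUOTES) . "'s profile.<br/><br/>";
		}

		// show the form for status message if viewing your own profile
		if($viewing == 'own')
		{
			// showing our own profile
			echo 'Enter a status message:<br/>';

			// show the form to add status message
			echo '<form action="status-exec.php" method="post">';
			echo '<textarea name="statusmsg" rows="2" cols="30"></textarea><br/>';
			echo '<input type="submit" value="Submit" /></form>';
		}

		// show add friend link if not a friend yet
		if($viewing == 'nonfriend')
		{
			// three possibilities:
			// 1. user has requested friendship - confirm or deny links
			// 2. you have requested friendship - cancel
			// 3. none of the above - add friend link

			// will be changed to false if there is already a pending friend request
			$add_friend = true;

			// check for first possibility
			$result = mysql_query("select * from friendreqs where requestee=".$my_id." and requester=".$profile_id);
			if($result && mysql_num_rows($result)==1)
			{
				echo '<a href="confirm-friendship.php?id='.$profile_id.'">Confirm</a> ';
				echo '<a href="deny-friendship.php?id='.$profile_id.'">Deny</a><br/>';
				$add_friend = false;
			}

			// check for second possibility
			$result = mysql_query("select * from friendreqs where requester=".$my_id." and requestee=".$profile_id);
			if($result && mysql_num_rows($result)==1)
			{
				// this link cancels our own pending request; it was mislabelled "Confirm"
				echo '<a href="cancel-friendship.php?id='.$profile_id.'">Cancel</a> ';
				$add_friend = false;
			}

			if($add_friend)
			{
				echo '<a href="add-friend.php?id='.$profile_id.'">Add as friend.</a>';
			}
		}

		// create the sql to query the database
		// own profile and friends get the full history; the branch for friends used to test a
		// misspelled variable ($viewign), so friends fell through to the one-row case
		$sql = "select * from statmsgs where uid=".$profile_id." order by time desc";
		if($viewing == 'nonfriend')
		{
			$sql .= " limit 1"; // not a friend - show only the latest
		}

		// show the status messages, in reverse chronological order
		$result = mysql_query($sql);
		while($result && ($row = mysql_fetch_array($result)))
		{
			// status messages are free text written by other users: escape on output so a stored
			// message cannot inject markup or script into the viewer's page
			// NOTE(review): if status-exec.php already HTML-encodes before storing, this will
			// double-encode - confirm and keep the encoding on the output side only
			echo '<b>'.htmlspecialchars($row['time'], ENT_QUOTES).'</b> '.htmlspecialchars($row['statmsg'], ENT_QUOTES).'<br/><br/>';
		}
	}
}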